In Octopus Deploy 3.3.0 through 2019.10.4, an authenticated user with PackagePush permission to upload packages could upload a maliciously crafted package, triggering an exception that exposes underlying operating system details.
CPE | Name | Operator | Version |
---|---|---|---|
octopus_deploy | ge | 3.3.0 | |
octopus_deploy | le | 2019.10.4 |